1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a behavior-blocking system and method.
2. Description of the Related Art
Buffer overflow techniques have been used by malicious hackers and virus writers to attack computer systems. Buffers are data storage areas, which generally hold a predefined amount of finite data. A buffer overflow occurs when a program attempts to store data into the buffer, where the data is larger than the size of the buffer.
One category of buffer overflow, sometimes called stack-based buffer overflow, involves overwriting stack memory. Stack-based buffer overflow is typically caused by programs that do not verify the length of the data being copied into a buffer.
When the data exceeds the size of the buffer, the extra data can overflow into the adjacent memory locations. In this manner, it is possible to corrupt valid data and possibly to change the execution flow and instructions. Thus, by exploiting a buffer overflow, it is possible to inject malicious code, sometimes called shell code, into the execution flow. This shell code allows remote system level access, giving unauthorized access to not only malicious hackers, but also to replicating malware, e.g., worms.